Add Xquik external skill source

[kriptoburak]

Summary

Adds Xquik's installable x-twitter-scraper skill to sources.yaml as an external source.

Validation

• Parsed sources.yaml with PyYAML and confirmed the new entry.
• Verified Xquik-dev/x-twitter-scraper master contains skills/x-twitter-scraper/SKILL.md and references/.
• Confirmed the public source repo and docs URL return HTTP 200.
• Ran git diff --check.

[chatgpt-codex-connector]

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 70f9d0ab5b

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

[codecov-commenter]

⚠️ Please install the to ensure uploads and comments are reliably processed by Codecov.

Codecov Report

✅ All modified and coverable lines are covered by tests.

📢 Thoughts on this report? Let us know!

[kriptoburak]

Verified the current upstream source again. The raw skills/x-twitter-scraper/SKILL.md on Xquik-dev/x-twitter-scraper@master starts with a standalone --- line, followed by name: x-twitter-scraper, and matches the frontmatter regex ^---\s*\n...\n---\s*\n. The branch source entry already points at that master path, so no sources.yaml change is needed for this review item.

[jeremylongshore]

Thanks for submitting x-twitter-scraper — the skill body is genuinely impressive. Eleven reference files, explicit untrusted-content boundary markers, HMAC webhook verification, confirmation gates on every write, and a clear security story that explicitly rules out X login material, shell execution, and local file access. This is exactly the kind of quality work we want in the marketplace.

The only thing blocking merge is the frontmatter. Our marketplace-tier validator requires exactly eight top-level fields, and right now four of them aren't wired up correctly in skills/x-twitter-scraper/SKILL.md:

1. allowed-tools is missing entirely. The marketplace validator requires this field to declare which Claude Code tools the skill may invoke. Since this skill is API-only and does no local shell work, something like allowed-tools: Bash(curl:*), WebFetch — or even allowed-tools: WebFetch if the implementation relies on the built-in fetch rather than curl — would be accurate and appropriately narrow.

2. tags is missing entirely. Add a short YAML list, e.g. tags: [twitter, x, social-media, api-development, scraping].

3. version needs to move to the top level. It's currently at metadata.version: "2.4.16". The validator looks for version: "2.4.16" as a sibling of name, not nested.

4. author needs to move to the top level. Same situation — metadata.author: Xquik should become author: Xquik at the root of the frontmatter block.

After those four changes the corrected frontmatter block should look like:

---
name: x-twitter-scraper
description: "..."
allowed-tools: WebFetch
version: "2.4.16"
author: Xquik
license: MIT
compatibility: Requires internet access to call the first-party Xquik REST API.
tags: [twitter, x, social-media, api-development]
metadata:
  openclaw: ...
  security: ...
---

The metadata: nesting can stay for the openclaw and security blocks — just promote version and author out of it. No body changes needed at all.

---

Audited against the marketplace rubric (frontmatter completeness, license accuracy, tool-safety, real-vs-hollow content). Holding open as request-changes — happy to merge once the above lands.

• Jeremy Longshore
  intentsolutions.io